California passes bill giving consumers more control over how companies collect data

This illustration picture taken on April 20, 2018 in Paris shows apps for Google, Amazon, Facebook, Apple and the reflection of a binary code displayed on a tablet screen. Photo: AFP

California Governor Jerry Brown on Thursday signed data privacy legislation aimed at giving consumers more control over how companies collect and manage their personal information, a proposal that Google and other big companies had opposed as too burdensome.

Under the proposal, large companies, such as those with data on more than 50,000 people, would be required starting in 2020 to let consumers view the data they have collected on them, request deletion of data, and opt out of having the data sold to third parties. Companies must provide equal service to consumers who exercise such rights under the law.

Each violation would carry a $7,500 fine. The law applies to users in California.

“This is a huge step forward for California,” State Senator Bob Hertzberg, a Democrat, said during a livestreamed press conference Thursday. “This is a huge step forward for people across the country.”

Brown signed the measure hours after it unanimously passed the two houses of the legislature as part of an effort to stop a similar measure from reaching the state’s November election ballot.

Laws originating in the legislature instead of from ballot initiatives are easier to amend if issues arise, and even opponents in the business community characterized the legislature’s version as the lesser of two evils.

Alastair Mactaggart, a California real estate developer who spent about $1.4 million earlier this year to qualify the measure for the ballot, had until Thursday evening to pull his initiative before state officials set the ballot. Mactaggart had agreed to do so if Brown signed the bill.

He described the compromise on Thursday as a “landmark accomplishment, which is the strictest privacy bill ever achieved in this country.”

The measure would affect nearly every major business, but large technology firms that play an ever-increasing role in online communications and commerce are a big target. Data breaches affecting Facebook Inc, Uber Technologies Inc and other companies have generated increased public pressure for regulators to step in.

Executives at Alphabet Inc’s Google had warned that the measure could have unintended consequences but have not said what those might be.

“We think there’s a set of ramifications that’s really difficult to understand,” Google senior vice president Sridhar Ramaswamy told reporters on Tuesday. “User privacy needs to be thoughtfully balanced against legitimate business needs.”

The Internet Association, which also represents Facebook and Amazon.com Inc (AMZN.O), had opposed the bill, as had the California Chamber of Commerce, National Retail Federation and the Association of National Advertisers.

CTIA, a wireless industry trade group, called on the US Congress to pass legislation instead.

Eric Goldman, a technology law professor at Santa Clara University, said on his blog this week that the law “will likely” affect users outside of California too “because of the hassle and expense of building state-by-state consumer” experiences.